ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	101e1b36cc	avcodec/jpeglsdec: check err value for ls_get_code_runterm() Fixes infinite loop Fixes Ticket3086 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit cc0e47b55096361723b364afa43b79a3f5619cdc) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-01-16 20:54:14 +01:00
Michael Niedermayer	9a073b1f0f	avcodec/parser: reset indexes on realloc failure Fixes Ticket2982 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f31011e9abfb2ae75bb32bc44e2c34194c8dc40a) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-01-16 20:54:14 +01:00
Martin Storsjö	a94d12b690	arm: Don't clobber callee saved registers in scalarproduct q4-q7/d8-d15 are supposed to not be clobbered by the callee. CC: libav-stable@libav.org Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit d307e408d4a9ada22df443cc38be77cc5e492694)	2013-12-21 10:00:40 +01:00
Michael Niedermayer	c7ab9de727	avcodec/ffv1enc: update buffer check for 16bps Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3728603f1854b5c79d1a64dd3b41b80640ef1e7f) Conflicts: libavcodec/ffv1enc.c (cherry picked from commit c900c6e5c26cd86cf34f9c8d4347cedbd01f3935)	2013-09-09 20:51:01 +02:00
Michael Niedermayer	b51c4df35b	avcodec/dsputil: fix signedness in sizeof() comparissions Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 454a11a1c9c686c78aa97954306fb63453299760) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-08-30 23:49:16 +02:00
Michael Niedermayer	6ad4a116a2	avcodec/rpza: Perform pointer advance and checks before using the pointers Fixes out of array accesses Fixes Ticket2850 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3819db745da2ac7fb3faacb116788c32f4753f34) Conflicts: libavcodec/rpza.c (cherry picked from commit edba432b8b01d68c22e70a508f47553359f59fb5) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-08-22 01:44:29 +02:00
Michael Niedermayer	a77cf47d88	huffyuvdec: Skip len==0 cases Fixes vlc decoding for hypothetical files that would contain such cases. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 0dfc01c2bbf4b71bb56201bc4a393321e15d1b31) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 5ff41ffeb4cb9ea6df49757dc859619dc3d3ab4f) Conflicts: libavcodec/huffyuv.c (cherry picked from commit 9bc70fe1ae50fd2faa0b9429d47cfbda01a92ebc) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-01-29 19:29:05 +01:00
Michael Niedermayer	a7faa1d070	huffyuvdec: Check init_vlc() return codes. Prevents out of array writes Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f67a0d115254461649470452058fa3c28c0df294) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 95ab8d33e1a680f30a5a9605175112008ab81afc) Conflicts: libavcodec/huffyuv.c (cherry picked from commit 277def59fce10d91e3113e5c0f63e22bc4abfa88) Conflicts: libavcodec/huffyuv.c (cherry picked from commit adf022f458d75e2c8041262e1906a249366ad518) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-01-29 18:37:08 +01:00
Michael Niedermayer	f48d1fb167	Merge remote-tracking branch 'qatar/release/0.6' into release/0.6 * qatar/release/0.6: vorbis: Validate that the floor 1 X values contain no duplicates. lavfi: avfilter_merge_formats: handle case where inputs are same mpegvideo: Don't use ff_mspel_motion() for vc1 imgconvert: avoid undefined left shift in avcodec_find_best_pix_fmt nuv: check RTjpeg header for validity vc1dec: add flush function for WMV9 and VC-1 decoders mov: set AVCodecContext.width/height for h264 h264: allow cropping to AVCodecContext.width/height Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-10-16 18:00:02 +02:00
Alex Converse	0e2f415adf	vorbis: Validate that the floor 1 X values contain no duplicates. Duplicate values in this vector are explicitly banned by the Vorbis I spec and cause divide-by-zero crashes later on. (cherry picked from commit ecf79c4d3e8baaf2f303278ef81db6f8407656bc) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 9aaaeba45c41cf2b3fa4100abbdee7437428f93c) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit d6e250abfc36b239ef0c1fc9d45d588b853bfcb9) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-10-06 09:47:41 +02:00
Michael Niedermayer	c82ae85a8a	mpegvideo: Don't use ff_mspel_motion() for vc1 Using ff_mspel_motion assumes that s (a MpegEncContext poiinter) really is a Wmv2Context. This fixes crashes in error resilience on vc1/wmv3 videos. CC: libav-stable@libav.org Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 18f2d5cb9c48d06895960f37467576725c9dc2d1) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit da0c457663479bc1828918e1bb3e4a5e4de0d557) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 899d95efe12f1e250b361837c1c8c06df9ac9b86) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-10-06 09:46:14 +02:00
Janne Grunau	fd7426ed89	imgconvert: avoid undefined left shift in avcodec_find_best_pix_fmt CC: libav-stable@libav.org (cherry picked from commit 39bb27bf79bc4c2d8beaed637a14176264cb1916) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 7a7229b52d1900279041991fadbd29b27e8dfe95) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 8812b5f164109553f009ce385e17a1af16b6ea53) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-10-06 09:46:08 +02:00
Janne Grunau	459feb7cce	nuv: check RTjpeg header for validity CC: libav-stable@libav.org (cherry picked from commit 859a579e9bbf47fae2e09494c43bcf813dcb2fad) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 6704522ca9dd32c858ee474492be568c386910f9) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit f31170d4e7f9671e019315391160d454b18d7296) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-10-06 09:46:03 +02:00
Kostya Shishkov	aa41212767	vc1dec: add flush function for WMV9 and VC-1 decoders CC: libav-stable@libav.org (cherry picked from commit 4dc8c8386eef942dba35c4f2fb3210e22b511a5b) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 02b72394627933dc8ce26445231a69f00dba491b) Conflicts: libavcodec/vc1dec.c Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 0173a7966b331105158a88f96b9afcc431d2fef8) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-10-06 09:45:49 +02:00
Ronald S. Bultje	371e221d63	dxva2: include dxva.h if found Apparently, some build environments require dxva.h even for dxva2, while others lack this header entirely. Including it conditionally allows building in both cases. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit fa84506177f0246b30d4ea6a99ee5d419f3e4550) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-09-13 04:41:59 +02:00
Mans Rullgard	4eea330a2a	h264: allow cropping to AVCodecContext.width/height Override the frame size from the SPS with AVCodecContext values if the latter specify a size smaller by less than one macroblock. This is required for correct cropping of MOV files from Canon cameras. Signed-off-by: Mans Rullgard <mans@mansr.com> (cherry picked from commit 30f515091c323da59c0f1b533703dedca2f4b95d) Conflicts: libavcodec/h264.c (cherry picked from commit e1608014c50eeb9f4744a53de0794eb6bb1269a2) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit b102d5d97daedb717c023ec7bfa43047d97de284) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-06-10 09:54:47 +02:00
Michael Niedermayer	62133b38ed	h263: disable loop filter with lowres Fixes ticket1212 Found-by: Piotr Bandurski <ami_stuff@o2.pl> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit cc229d4e83889d1298f1a0863b55feec6c5c339a) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-06-09 21:36:19 +02:00
Michael Niedermayer	6b14563c0e	wmv1: check that the input buffer is large enough Fixes null ptr deref Fixes Ticket1367 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f23a2418fb0ccc56fdae4dbf83a5994cc917c475) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-06-09 21:36:15 +02:00
Michael Niedermayer	3074e8f78c	yopdec: check frame oddness to be within supported limits Fixes Ticket1365 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit febc013dc5d6db1535a4f91cf02fa8089038937c) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-06-09 21:36:10 +02:00
Michael Niedermayer	e37599001c	yopdec: check that palette fits in the packet Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit b6fdf8dea7aaf3cb9a979dce91f752c2ce3086a3) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-06-09 21:36:05 +02:00
Michael Niedermayer	32ac7c0cf6	truemotion1: Check index, fix out of array read Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit fd4c1c0b70b5a06dd572d7e27799a2f4c3d9b984) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-06-09 21:35:40 +02:00
Michael Niedermayer	9291fc8813	motionpixels: check extradata size Fixes null ptr derefernce Fixes Ticket1363 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 50122084a6b3be06781a2b3d8ec036f2d67c32e3) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-06-09 21:35:03 +02:00
Michael Niedermayer	62cbdd71eb	yop: check for missing extradata Fixes null ptr deref Fixes Ticket1361 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 77a4c8b959fa9bc6bcaa42b40a0b046cdf3fec38) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-06-09 21:34:50 +02:00
Michael Niedermayer	42bdeaecd4	cdgraphics: Fix out of array write Fixes Ticket1359 Found-by: Piotr Bandurski <ami_stuff@o2.pl> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 1e5c7376c4ed733910845c9a09e272ac7696b1f4) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-06-09 21:34:34 +02:00
Michael Niedermayer	598eb973a7	Merge remote-tracking branch 'qatar/release/0.6' into release/0.6 * qatar/release/0.6: (32 commits) Bump version number for 0.6.6 release. tqi: Pass errors from the MB decoder ea: check chunk_size for validity. png: check bit depth for PAL8/Y400A pixel formats. dxva2: define required feature selection macros mingw32: merge checks for mingw-w64 and mingw32-runtime >= 3.15 into one mingw32: properly check if vfw capture is supported by the system headers configure: properly check for mingw-w64 through installed headers. mingw-w64 can also target 32-bit code. qdm2: clip array indices returned by qdm2_get_vlc(). kmvc: Check palsize. shorten: Use separate pointers for the allocated memory for decoded samples. shorten: check for realloc failure shorten: Fix out of bound writes in fix_bitshift() shorten: Prevent block size from increasing shorten: remove VLA and check for buffer overflow adpcm: ADPCM Electronic Arts has always two channels h264: Add check for invalid chroma_format_idc aacsbr: prevent out of bounds memcpy(). dpcm: ignore extra unpaired bytes in stereo streams. vqavideo: return error if image size is not a multiple of block size ... Conflicts: libavcodec/atrac3.c libavcodec/h264_ps.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-06-04 12:38:11 +02:00
Michael Niedermayer	83fa442b71	tqi: Pass errors from the MB decoder This silences some valgrind warnings. CC: libav-stable@libav.org Fixes second half of http://ffmpeg.org/trac/ffmpeg/ticket/794 Bug found by: Oana Stratulat Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit f85334f58e1286287d0547a49fa9c93b40cbf48f) (cherry picked from commit 90290a5150e84fb138ccde57657dc03830f08c1c) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 5872580e65aab026b77754eb184f97ba7cc6ea35) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 2f2fd8c6d1c51a6b817e6c0bc4eff308b8f9cd18) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-06-03 21:35:17 +02:00
Ronald S. Bultje	e17b1536a1	png: check bit depth for PAL8/Y400A pixel formats. Wrong bit depth can lead to invalid rowsize values, which crashes the decoder further down. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit d2205d6543881f2e6fa18c8a354bbcf91a1235f7) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit b8d6ba9d50e80fdce2ed74cdaffd4960df8a21c5) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 33f93005f1a86c108302b4c5978aa1a3d8e092cc) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-06-03 21:35:16 +02:00
Kyle	97ed486fff	dxva2: define required feature selection macros Signed-off-by: Mans Rullgard <mans@mansr.com> (cherry picked from commit 04973f8082c5a822112d2e42d535b7f3f59dccc0) Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>	2012-06-02 19:25:12 -04:00
Ronald S. Bultje	4bccd5a36b	qdm2: clip array indices returned by qdm2_get_vlc(). Prevents subsequent overreads when these numbers are used as indices in arrays. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 64953f67f98da2e787aeb45cc7f504390fa32a69) Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> Conflicts: libavcodec/qdm2.c	2012-06-02 19:25:12 -04:00
Alex Converse	07bff95176	kmvc: Check palsize. Fixes: CVE-2011-3952 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Based on fix by Michael Niedermayer (cherry picked from commit 386741f887714d3e46c9e8fe577e326a7964037b) (cherry picked from commit 416849f2e06227b1b4a451c392f100db1d709a0c) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-28 21:21:53 +02:00
Michael Niedermayer	cfad9930ff	shorten: Use separate pointers for the allocated memory for decoded samples. Fixes invalid free() if any of the buffers are not allocated due to either not decoding a header or an error prior to allocating all buffers. Fixes CVE-2012-0858 CC: libav-stable@libav.org Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 204cb29b3c84a74cbcd059d353c70c8bdc567d98) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 6fc3287b9ccece290c5881b92948772bbf72e68c) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 96ed18cab1048f03ff1c825f46b25d49218f1da4) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-28 21:21:53 +02:00
Justin Ruggles	46d9022859	shorten: check for realloc failure (cherry picked from commit 9e5e2c2d010c05c10337e9c1ec9d0d61495e0c9c) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit a207a2fecc6a77735ab0cf209fdba0b4dd942a86) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-28 21:21:53 +02:00
Laurent Aimar	58b3f439cc	shorten: Fix out of bound writes in fix_bitshift() The data pointers s->decoded[*] already take into account s->nwrap. Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit 5f05cf4ea9aaafed8edcabe785c2719786103ec1) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 737bea21b6c2c1d4dca0b7b18824c0a3205556d2) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-28 21:21:53 +02:00
Laurent Aimar	8f924ee66f	shorten: Prevent block size from increasing Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit 95010d18b2d808db9a49377e41bc2f7cf4dfa03e) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 22949c42edf5352c5fa8c43870efe20698432b35) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-28 21:21:53 +02:00
Måns Rullgård	40cb7b3b49	shorten: remove VLA and check for buffer overflow Originally committed as revision 23798 to svn://svn.ffmpeg.org/ffmpeg/trunk (cherry picked from commit 02591641f88097aec2a573f0ae384c8b87bcfe3b) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-28 21:21:53 +02:00
Janne Grunau	15c819e23f	adpcm: ADPCM Electronic Arts has always two channels Fixes half of http://ffmpeg.org/trac/ffmpeg/ticket/794 Adresses CVE-2012-0852 (cherry picked from commit bb5b3940b08d8dad5b7e948e8f3b02cd2eb70716) Conflicts: libavcodec/adpcm.c Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit b581580bd1cc8506befa65b0a5c9ae429240f21f) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-28 21:21:53 +02:00
Alexander Strange	7a5fbe4034	h264: Add check for invalid chroma_format_idc Fixes a crash when FF_DEBUG_PICT_INFO is used. Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit 6ef4063957aa5025c8d2cd757b6a537e4b6874df) Fixes: CVE-2012-0851 Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 47132345184dc3d0ff962a57a1225564fe979548) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit c5f7c755cfccd7aa01010a2d566104c2b0fa6d86) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-28 21:21:53 +02:00
Alex Converse	32b73701c7	aacsbr: prevent out of bounds memcpy(). Fixes Libav Bug 195. Fixes CVE-2012-0850 This doesn't make the code handle sample rate or upsample/downsample change properly but this is still a good sanity check. Based on change by Michael Niedermayer. Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit 17ce52912f59a74ecc265e062578fb1181456e18) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 01804cc91ab231ac79092eee21325d7644357975) Conflicts: libavcodec/aacsbr.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-28 21:21:53 +02:00
Alex Converse	212217504a	dpcm: ignore extra unpaired bytes in stereo streams. Fixes: CVE-2011-3951 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit ce7aee9b733134649a6ce2fa743e51733f33e67e) (cherry picked from commit eaeaeb265fe46e1d81452960de918227541873b4) Conflicts: libavcodec/dpcm.c Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 1ce9c93198fc997e8f23934a78e2937af670e4e9) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-28 21:21:52 +02:00
Mans Rullgard	e02249b130	vqavideo: return error if image size is not a multiple of block size The decoder assumes in various places that the image size is a multiple of the block size, and there is no obvious way to support odd sizes. Bailing out early if the header specifies a bad size avoids various errors later on. Fixes CVE-2012-0947. Signed-off-by: Mans Rullgard <mans@mansr.com> (cherry picked from commit 58b2e0f0f2fc96c1158e04f8aba95cbe6157a1a3) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit d5207e2af81580dd5e6277b354c8b459c3624f26) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit c71c77e56fcc6d469d45e1c8ce04aa053124d3f8) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-28 21:21:52 +02:00
Alex Converse	bf0ec375ef	celp filters: Do not read earlier than the start of the 'out' vector. CC: libav-stable@libav.org (cherry picked from commit 37ddd3833219fa7b913fff3f5cccc6878b047e6b) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 9ea94c44b1b414ab3bc6e9220ebb77621423ca38) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 08c81f7365af96c1655767e68d6ec85bea50600c) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-28 21:21:52 +02:00
Alex Converse	e9c9707316	motionpixels: Clip YUV values after applying a gradient. Prevents illegal reads on truncated and malformed input. CC: libav-stable@libav.org (cherry picked from commit b5da848facd41169283d7bfe568b83bdfa7fc42e) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit aaa6a666774eb02c351c84e80622a5c69e9b642e) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 50073e2395522b6e2b8698ff0dd06ffaf8cbf8ce) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-28 21:21:52 +02:00
Michael Niedermayer	1156f07c6a	kgv1dec: Increase offsets array size so it is large enough. Fixes CVE-2011-3945 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 807a045ab7f51993a2c1b3116016cbbd4f3d20d6) Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit a02e8df973f5478ec82f4c507f5b5b191a5ecb6b) (cherry picked from commit d5f2382d0389ed47a566ea536887af908bf9b14f) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit a0b65938b7cf37680a4ce0667444a217a151c551) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-08 11:43:06 +02:00
Alex Converse	6ca010f209	mjpegbdec: Fix overflow in SOS. Based in part by a fix from Michael Niedermayer <michaelni@gmx.at> Fixes CVE-2011-3947 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit b57d262412204e54a7ef8fa1b23ff4dcede622e5) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 083a8a00373b12dc06b8ae4c49eec61fb5e55f4b) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 6ae95a0b93e8df15fe5f364535a7214be0817736) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-08 11:43:06 +02:00
Michael Niedermayer	224025d852	atrac3: Fix crash in tonal component decoding. Add a check to avoid writing past the end of the channel_unit.components[] array. Bug Found by: cosminamironesei Fixes CVE-2012-0853 CC: libav-stable@libav.org Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit c509f4f74713b035a06f79cb4d00e708f5226bc5) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit f43b6e2b1ed47a1254a5d44c700a7fad5e9784be) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit f728ad26f0ec87650d2986a892785c0e2b97d161) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-08 11:43:06 +02:00
ami_stuff	b56606e6bc	Replace SSE2 instruction in scalarproduct_float_sse() by SSE equivalent. Fixes an AAC decoding issue with the sample from ticket #213 on machines with SSE but without SSE2. Based on 89411a by Reimar. (cherry picked from commit f6b78638086beae9bcab672d4c9de1790be5a928)	2012-04-04 09:10:25 +02:00
Michael Niedermayer	1014e20492	atrac3: Fix crash in tonal component decoding. Fixes Ticket780 Bug Found by: cosminamironesei Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 9af6abdc17deb95c9b1f1d9242ba49b8b5e0b016) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-12 22:10:33 +01:00
Michael Niedermayer	431cf16963	h264: check chroma_format_idc range. Fixes Ticket758 Bug found by: Diana Elena Muscalu Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 7fff64e00d886fde11d61958888c82b461cf99b9) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-12 22:09:56 +01:00
Michael Niedermayer	e85296beae	Merge remote-tracking branch 'qatar/release/0.6' into release/0.6 * qatar/release/0.6: Release notes and changelog for 0.6.5 Bump version number for 0.6.5 release. vorbis: An additional defense in the Vorbis codec. vorbisdec: Fix decoding bug with channel handling Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-12 22:06:50 +01:00
Chris Evans	a5e0afe3c9	vorbis: An additional defense in the Vorbis codec. Fixes Bug: #190 Chromium Bug: #100543 Related to CVE-2011-3893 Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit afb2aa537954db537d54358997b68f46561fd5a7) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit b0283ccb9e8945ce9e56f7c6ba0c676e7179d7a3) Conflicts: libavcodec/vorbis_dec.c	2012-01-08 09:29:16 +01:00

1 2 3 4 5 ...

11699 Commits